Back to Security Pattern Catalog

Single Sign On Delegator

Classification Key : Perimeter Security, Spoofing


In a heterogeneous security environment, multiple vendors produce identity management facility and they are based on different assumptions. Thus an SSO facility would tend to have a tight coupling with the application logic. How can the SSO mechanism be made such that it interact between diverse entities and yet has loose coupling?


Encapsulate access to identity management and SSO functionalities, following independent evolution of loosely coupled identity management services while providing system availability. An SSO Delegator resides in the middle tier between the clients and the identity management service components. It delegates the service request to remote service components. Decouple the physical security service interfaces and hides the details of service invocation, retrieval of security configuration or credential token processing from the client. The SSO Delegator in turn prepares for SSO, configures the security session, looks up physical security service interfaces, invokes appropriate service and performs global logout in the end. Such loosely coupled application architecture minimizes the change impact to the client.

Known Uses

Single sign on delegator implementation to invoke remote security services using EJB.

Related Patterns

Single Sign On


Sun Book


Single Sign On, Identity


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz